Live from VB2007 - part 2
Thursday September 20, 2007 at 4:23 pm CST
Posted by Alex Hinchliffe
Welcome from the capital of Austria and the floor of the second day of the 2007 VirusBulletin conference. Today has proved to be another exciting day in the anti-malware world, with our very own Joe Telafici and Dmitry Gryaznov co-presenting on how the AV community is DoS-ing itself by collecting and swapping malware.

Joe and Dmitry on stage
In addition, Dmitry presented, on behalf of Ahmed Sallam, the topic of “Terminating Hidden Processes”. This topic was very interesting and covered the popular tactic rootkits use to hide their processes from userland applications. A side effect is that terminating such a hidden process can cause serious instability in the operating system, and often a BSOD if a new application is launched after the termination. This instability occurs because the rootkit manipulates the pointers that link one process to another. Ahmed’s paper contained suggestions on fixes to this problem and on how our Rootkit Detective is not affected.
In some shameless self-promotion, my (first VirusBulletin) presentation from yesterday was referenced no less than three times today by other security professionals. Josh Harriman (Symantec) mentioned it this morning when referring to remediation of more complex threats, whilst Roel Schouwenberg (Kaspersky) mentioned it during his last-minute presentation on “Targeted banker malware on demand” (referring to a variant of W32/Alvabrig), as did Kurt Baumgartner (PC Tools) in his presentation “Storm – Malware 2.0 has arrived”.

Me discussing a patched wininet.dll file
A special event occurred today – the introduction of last-minute presentations! Based on feedback from last year’s VirusBulletin conference it was agreed that, in order to encourage papers and presentations covering up-to-the-minute malware and research topics, security professionals were invited to submit papers just two weeks before the conference itself. Eight presentations (of 20 minutes each) ran back to back in the technical stream of this afternoon’s schedule. All the presentations were good and indeed most were very topical.
Tonight is the gala dinner and cabaret, which should be very entertaining, so until tomorrow it’s goodbye from me!

September 21st, 2007 at 1:18 am
I nearly submitted a last minute paper to this thing myself, until I found out about it having to be submitted so late and only finding out if you’d be speaking, like, a week before the thing took place.
That seems dazzlingly stupid to me. Vienna isn’t exactly cheap anyway, and then throw in last minute airfares, packed out accommodation due to every security researcher on the planet being in town and you have a recipe for not-bothering-to-turn-up. I wish security conference organisers would start using their heads a little more.
September 21st, 2007 at 3:57 am
Will the video of the conference be published?
Greezt
September 24th, 2007 at 2:33 am
In response to Paperghost, as the organizer of VB2007 I would like to make it known that we solicited the opinions of several members of the anti-malware industry, past attendees of VB conferences and past speakers at VB conferences when planning the last-minute presentations feature of the conference.
Opinion was _unanimous_ that submissions should be accepted as late as 2 weeks prior to the conference in order to achieve presentations that were as up-to-the-minute as they possibly could be. The whole idea of the last-minute presentations was to get away from the early deadline constraints involved with regular papers, and to make these ones as current as possible.
Initially it was assumed that those submitting ideas for the last-minute presentations would be people who were already registered for the conference - thus they would already have made their travel arrangements. In fact, it turned out that we received submissions from a large number of people who had not registered for the conference, as well as those who were already booked in.
In the event, only one of the selected speakers was unable to attend (due to visa issues), but his paper was presented by a colleague, thus all eight of the last-minute papers were given as planned.
This year the last-minute presentations were something of an experiment, and the overwhelming response from those who attended was very positive indeed. As such, it seems likely that last-minute presentations will become a permanent feature in VB conferences going forward.